CVE-2025-31672 Apache POI vulnerability
search cancel

CVE-2025-31672 Apache POI vulnerability

book

Article ID: 405206

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

The following vulnerability appears after running a scan on the Service Desk Manager server:

Plugin 234190 - Apache POI < 5.4.0 Improper Input Validation - CVE-2025-31672
It is located in the following path: Path NX_ROOT\java\lib\poi-4.1.0.jar
Installed version: 4.1.0 Fixed version: 5.4.0

Environment

Service Desk Manager 17.4

Resolution

The Engineering team has reviewed this issue and confirmed this vulnerability cannot be exploited as POI is used by GRLoader(a command line utility) and it can only be executed on the SDM server. 

Additional Information

CVE-2025-31672 will be addressed in future releases and builds.  Please subscribe to this article for any updates.

Powered by Wolken Software